MISP
Bounded, read-only event synchronization through a configured integration. Review normalized entities before downstream use.
Read-only syncConnected, deliberately
Threat Foundry keeps connection mode, source scope, review state, and data ownership explicit. Start with offline imports or bounded sync, then add operational systems when ready.
Threat intelligence
Bounded, read-only event synchronization through a configured integration. Review normalized entities before downstream use.
Read-only syncBounded, read-only GraphQL intake from a configured server and token. Entity and relationship content stays tenant-owned.
Read-only syncUpload a bounded STIX bundle for review when a live platform connection is not appropriate for the environment.
File intakeArchitecture inventory
Export inventory from the customer cloud, inspect the file, and import it without granting Threat Foundry standing cloud credentials.
Import a supported bounded inventory export to propose components, relationships, and security zones for analyst review.
Offline exportTranslate supported Azure inventory exports into Blueprint proposals without a live control-plane connection.
Offline exportUse supported Cloud Asset inventory exports to seed a reviewable architecture model.
Offline exportOperations ecosystem
Run approved queries against configured search platforms. Query policy and overrides remain visible.
Use configured endpoint or host tooling for bounded investigation pivots and checks.
Export reviewed case work to configured ticket providers while retaining the internal evidence record.
Use configured models for assisted drafting and analysis with billing controls, warnings, and enforced stop thresholds.
Manage supported API credentials through tenant-aware configuration rather than hardcoded application values.
Map customer field aliases into a consistent entity model for investigation and reporting.
Availability depends on licensed third-party products, configured credentials, supported export formats, and customer policy. Threat Foundry does not imply a vendor partnership unless explicitly stated.
Start with the workflow
We will identify what can work on day one, what requires a connection, and where offline import is the safer first step.